CN105653941A - Heuristic detection method and system for phishing website - Google Patents
Heuristic detection method and system for phishing website Download PDFInfo
- Publication number
- CN105653941A CN105653941A CN201510458569.7A CN201510458569A CN105653941A CN 105653941 A CN105653941 A CN 105653941A CN 201510458569 A CN201510458569 A CN 201510458569A CN 105653941 A CN105653941 A CN 105653941A
- Authority
- CN
- China
- Prior art keywords
- website
- detected
- hyperlink
- fishing
- probability
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
Abstract
The invention discloses a heuristic detection method for a phishing website. The method comprises steps of grasping home page frame source codes of a to-be-detected website, extracting all hyperlink URL of the to-be-detected website, determining whether repeat hyperlink URL exists, determining the website a safe website if the repeat hyperlink does not exist, extracting all hyperlink text labels corresponding to a hyperlink URL with highest repetition rate if repeat hyperlink does not exists, calculating content repetition rate of the extracted hyperlink text label and giving out a suspicious index (A) based on the content repetition rate, and giving out possibility of the to-be-detected website a phishing website based on the value of A. The value of A is inversely proportional to the content repetition rate. The invention further discloses a heuristic detection system for the phishing website. The technical scheme is based on general characters of the phishing websites, so the phishing websites can be quickly and accurately identified.
Description
Technical field
The present invention relates to field of information security technology, particularly relate to the method and system of a kind of heuristic detection fishing website.
Background technology
Along with developing rapidly of the Internet, daily life and the Internet contact increasingly tightr, the almost every day such as instant messaging, online game, financial management in the Internet, online payment is along with people. But, the information security issue brought along with information development is also on the rise. Currently, phishing has become as the topic that network safety filed is the most popular. Although it is not a kind of new poisoning intrusion method, but its damaging range is expanding gradually, becomes one of the most serious recent Cyberthreat. So-called " fishing website " refers to that lawless person utilizes address and the content of pages of the counterfeit actual site of various means, user cheating inputs real account profile, thus obtaining the related data of user, including: the multiple personal assetses such as bank account, social account, phone number, identity information, GID.
According to statistics, the harm that fishing website brings progressively is caught up with, even more than the harm that virus is brought to user. According to estimates, domestic network fishing allows the loss of netizen reach 7,600,000,000 yuan. So huge interests are lured down, and fishing website also progressively shows comparatively ripe and complete " industrial chain ", it might even be possible to spend little fund just can have one at once and touch the same interface with some e-commerce website one. Such as: the fishing website of QQ abnormal login relatively common recently, the scene of this event is, hacker is by sending an Email to user, inform the frequent different-place login of QQ number of this user, and a link is provided, claim to be fetched by this chain and lift restrictions, this link clicks enters to be a page closely similar with QQ security centre, page request input user No. QQ and password, and require that input wealth pays logical account, user identity card and the sensitive information such as payment cipher subsequently, once input the private account of this user and wealth will be stolen. Along with popularizing of the Internet, increasing person in middle and old age and teenager network, and are had scanty experience of life in the Internet by they, and network security knowledge is deficient, very easily being attracted fooled, this also just orders about increasing people and spearhead points to fishing website " fishing " takes the interests of network security disadvantaged group. Hit the network crime for this, resist the very urgent of phishing change. The identification of current fishing website relies primarily on artificial report, based on black list techniques identification.
At the commitment that fishing website has just risen, owing to the quantity of fishing website is few, kind is simple, it is to meet background at that time that the mode relying on artificial cognition carrys out anti-phishing, but nowadays fishing website increases sharply, the artificial cognition cycle is relatively slow, can not tackle information security situation of today completely. Another is blacklist identification technology, blacklist identification technology is malicious websites to be put in storage, when accessing unknown website, carries out and the comparison of blacklist storehouse, if the warning of fishing website will be displayed to the user that after the match is successful, intercept user's access to this page simultaneously. One open defect of black list techniques is: it only can detect and identify known harmful malicious websites. Threatening then helpless to new phishing attack, this success rate directly resulting in this traditional detection hold-up interception method is relatively low.
Summary of the invention
Technical solutions according to the invention are by analyzing the general common feature that fishing website exists, the homepage page source code of website to be detected is crawled, and judge whether further to repeat identical hyperlink URL, and continue to judge whether the hyperlink text label corresponding to the hyperlink URL of these repetitions repeats identical, if different from each other, then this website is that the probability of fishing website is bigger. Technical scheme of the present invention can not only identify rapidly fishing website, and can provide the probability that website to be detected is fishing website, thus reducing wrong report.
The present invention adopts and realizes with the following method: a kind of method of heuristic detection fishing website, including:
Crawl the homepage page source code of website to be detected;
Extract all hyperlink URLs of website to be detected;
Judging whether the hyperlink URL repeated, if being absent from, being then judged to security website, otherwise extract all hyperlink text labels that the highest hyperlink URL of repetitive rate is corresponding;
Calculating the content repetitive rate of the hyperlink text label extracted, and content-based repetitive rate provides suspicious Index A, the value of described A and described content repetitive rate are inversely proportional to;
Value based on A provides the probability that website to be detected is fishing website.
Further, before all hyperlink URLs of described extraction website to be detected, also include: described website to be detected is mated with white list, filter known safe website.
Further, also including: the content of website to be detected is crawled, and judge whether the sensitive vocabulary of storage in sensitive storehouse, if being absent from, being then security website, otherwise setting suspicious index B, the value of described B rule of thumb sets;
The described value based on A provides the probability that website to be detected is fishing website, replaces with: the value based on A and B comprehensively provides the probability that website to be detected is fishing website.
Further, also include: judge whether website to be detected possesses list and submit function to, if not possessing, being then security website, otherwise setting suspicious index as C, and the value of described C rule of thumb sets;
The described value based on A provides the probability that website to be detected is fishing website, replaces with: the value based on A and C comprehensively provides the probability that website to be detected is fishing website.
Further, also include: judge that described list submits whether process is encrypted transmission to, if so, then set suspicious index as D, otherwise set suspicious index as d;
The value of described D and d is rule of thumb set, and meets D less than d;
The described value based on A and C comprehensively provides the probability that website to be detected is fishing website, replaces with: the value based on A, C and D or d comprehensively provides the probability that website to be detected is fishing website.
The present invention can adopt following system to realize: the system of a kind of heuristic detection fishing website, including:
Source code acquisition module, for crawling the homepage page source code of website to be detected;
Hyperlink extraction module, for extracting all hyperlink URLs of website to be detected;
First determination module, for judging whether the hyperlink URL repeated, if being absent from, is then judged to security website, otherwise extracts all hyperlink text labels that the highest hyperlink URL of repetitive rate is corresponding;
Computing module, for calculating the content repetitive rate of the hyperlink text label of extraction, and content-based repetitive rate sets suspicious Index A, and the value of described A and described content repetitive rate are inversely proportional to;
Feedback module, provides, for the value based on A, the probability that website to be detected is fishing website.
Further, also include: white list filtering module, for being mated with white list described website to be detected, filter known safe website.
Further, also include: sensitive storehouse matching module, for the content of website to be detected is crawled, and judge whether the sensitive vocabulary of storage in sensitive storehouse, if being absent from, then it is security website, otherwise setting suspicious index B, the value of described B is rule of thumb set;
Described feedback module, replaces with: comprehensively provide, for the value based on A and B, the probability that website to be detected is fishing website.
Further, also include: the second determination module, be used for judging whether website to be detected possesses list and submit function to, if not possessing, being then security website, otherwise setting suspicious index as C, and the value of described C is rule of thumb set;
Described feedback module, replaces with: comprehensively provide, for the value based on A and C, the probability that website to be detected is fishing website.
Further, also include: the 3rd determination module, be used for judging that described list submits whether process is encrypted transmission to, if so, then set suspicious index as D, otherwise set suspicious index as d;
The value of described D and d is rule of thumb set, and meets D less than d;
Described feedback module, replaces with: comprehensively provide, for the value based on A, C and D or d, the probability that website to be detected is fishing website.
To sum up, the present invention provides the method and system of a kind of heuristic detection fishing website, first, extract all hyperlink URLs of website to be detected, and judge whether the hyperlink URL repeated, if being absent from, being security website, otherwise finding out the hyperlink text label corresponding to the hyperlink URL that repetitive rate is the highest, and determine whether whether these hyperlink text labels repeat identical, and calculate content repetitive rate; This content repetitive rate is more low, then website to be detected is that the probability of fishing website is more high.
Have the beneficial effect that the present invention passes through to analyze the universal feature of fishing website, for instance, most hyperlink text labels of fishing website are illusory, and different hyperlink text labels is actually a corresponding hyperlink URL. The present invention is by verifying whether website to be detected exists above-mentioned characteristic, thus judging the probability that website to be detected is fishing website. Simultaneously, it is possible to assist further technical scheme provided by the present invention, thus comprehensive descision website to be detected is the probability of fishing website, and then reach to reduce wrong report, and quickly find the purpose of fishing website.
Accompanying drawing explanation
In order to be illustrated more clearly that technical scheme, the accompanying drawing used required in embodiment will be briefly described below, apparently, the accompanying drawing that the following describes is only some embodiments recorded in the present invention, for those of ordinary skill in the art, under the premise not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the embodiment of the method flow chart of a kind of heuristic detection fishing website provided by the invention;
Fig. 2 is the system embodiment structure chart of a kind of heuristic detection fishing website provided by the invention.
Detailed description of the invention
The present invention gives the method and system embodiment of a kind of heuristic detection fishing website, in order to make those skilled in the art be more fully understood that the technical scheme in the embodiment of the present invention, and it is understandable to enable the above-mentioned purpose of the present invention, feature and advantage to become apparent from, below in conjunction with accompanying drawing, technical scheme in the present invention is described in further detail:
Present invention firstly provides the embodiment of the method for a kind of heuristic detection fishing website, as it is shown in figure 1, include:
S101 crawls the homepage page source code of website to be detected;
S102 extracts all hyperlink URLs of website to be detected;
S103 judges whether the hyperlink URL repeated, if it is not, be then judged to security website, otherwise performs S104; Namely judge whether website to be detected exists multiple identical hyperlink URL;
S104 extracts all hyperlink text labels that the highest hyperlink URL of repetitive rate is corresponding;
Wherein, if there is multiple identical hyperlink URL, then continue to obtain the hyperlink text label that these identical hyperlink URLs are corresponding; Described hyperlink text label refers to, for marking the label of hyperlink in webpage;
S105 calculates the content repetitive rate of the hyperlink text label extracted, and content-based repetitive rate provides suspicious Index A, and the value of described A and described content repetitive rate are inversely proportional to;
Wherein, described content repetitive rate is, the quantity that in the hyperlink text label of extraction, label substance is identical is divided by the total quantity of the hyperlink text label extracted. So, content repetitive rate is more low, illustrates there are more hyperlink text labels possessing different label substance more, points to same hyperlink URL, thus the value of the suspicious Index A that website to be detected is fishing website is more big;
The comparison that usual fishing website will not do as actual site is fine, and a lot of hyperlink text labels perform practically no function, and all point to same suspicious hyperlink URL, and this is also the general character of most fishing website;
S106 provides, based on the value of A, the probability that website to be detected is fishing website.
Wherein, owing to the judgement of fishing website is more complicated, thus here can according to suspicious index, thus feeding back the probability that website to be detected is fishing website, for reference and make rational disposal, it is to avoid the loss brought due to wrong report.
Preferably, before all hyperlink URLs of described extraction website to be detected, also include: described website to be detected is mated with white list, filter known safe website.
As above, before website to be detected is processed further, first pass through the form mated with white list, filter known safe website, for instance: the known safe websites such as Taobao, Jingdone district net, each bank official website. It is thus possible to effectively reduce the Websites quantity to be detected entering following detection step, it is possible to be effectively improved detection efficiency, save the detection time.
Preferably, also including: the content of website to be detected is crawled, and judge whether the sensitive vocabulary of storage in sensitive storehouse, if being absent from, being then security website, otherwise setting suspicious index B, the value of described B rule of thumb sets;
The described value based on A provides the probability that website to be detected is fishing website, replaces with: the value based on A and B comprehensively provides the probability that website to be detected is fishing website.
Wherein, described B can arrange different values or the quantity for the sensitive vocabulary occurred in web site contents according to different sensitive vocabulary, suitably increases the value of B.
Wherein, the sensitive vocabulary of storage in described sensitive storehouse, it is that the likely induction user of daily collection and renewal inputs the vocabulary of sensitive information, including: No. QQ, password, Alipay, the full name of various bank and abbreviation, various GID title or wealth Fu Tong etc.; If web site contents to be detected existing sensitive vocabulary, then for the suspicious index B of the grade setting of this sensitivity vocabulary; And then the value of foundation A and B is thus synthetic determination website to be detected is the probability of fishing website, this technological means can greatly reduce wrong report, improves detection accuracy.
Preferably, also include: judge whether website to be detected possesses list and submit function to, if not possessing, being then security website, otherwise setting suspicious index as C, and the value of described C rule of thumb sets;
The described value based on A provides the probability that website to be detected is fishing website, replaces with: the value based on A and C comprehensively provides the probability that website to be detected is fishing website.
Wherein, it typically is provided with list and submits the website of function to, it is achieved the probability of fishing website is bigger, utilizes this technological means, it is possible to effectively filter out the webpage of the pure static state of majority; Thus saving detection required time, also improve the recall rate of fishing website.
It is highly preferred that also include: judge that described list submits whether process is encrypted transmission to, if so, then set suspicious index as D, otherwise set suspicious index as d;
The value of described D and d is rule of thumb set, and meets D less than d;
The described value based on A and C comprehensively provides the probability that website to be detected is fishing website, replaces with: the value based on A, C and D or d comprehensively provides the probability that website to be detected is fishing website.
Wherein, being found by the analysis for known fishing website, list being encrypted different from most security websites, most fishing website maneuvers are accurate not, the sensitive information that meeting plaintext transmission user submits to. Based on this, it is considered herein that list is more likely fishing website by plaintext transmission than encrypted transmission, thus proposing, whether the value comprehensive descision website to be detected based on A, C and D or d is fishing, can reach better detection effect and accuracy. Such as, by judging whether described list have employed 443 ports and carry out HTTP encrypted transmission, if so, then sets the value of D, otherwise set the value of d, and then combine the suspicious index that other decision methods provide, further determine whether it is fishing website.
Present invention also offers the system embodiment of a kind of heuristic detection fishing website, as in figure 2 it is shown, include:
Source code acquisition module 201, for crawling the homepage page source code of website to be detected;
Hyperlink extraction module 202, for extracting all hyperlink URLs of website to be detected;
First determination module 203, for judging whether the hyperlink URL repeated, if being absent from, is then judged to security website, otherwise extracts all hyperlink text labels that the highest hyperlink URL of repetitive rate is corresponding;
Computing module 204, for calculating the content repetitive rate of the hyperlink text label of extraction, and content-based repetitive rate sets suspicious Index A, and the value of described A and described content repetitive rate are inversely proportional to;
Feedback module 205, provides, for the value based on A, the probability that website to be detected is fishing website.
Preferably, also include: white list filtering module, for being mated with white list described website to be detected, filter known safe website.
Preferably, also include: sensitive storehouse matching module, for the content of website to be detected is crawled, and judge whether the sensitive vocabulary of storage in sensitive storehouse, if being absent from, then it is security website, otherwise setting suspicious index B, the value of described B is rule of thumb set;
Described feedback module, replaces with: comprehensively provide, for the value based on A and B, the probability that website to be detected is fishing website.
Preferably, also include: the second determination module, be used for judging whether website to be detected possesses list and submit function to, if not possessing, being then security website, otherwise setting suspicious index as C, and the value of described C is rule of thumb set;
Described feedback module, replaces with: comprehensively provide, for the value based on A and C, the probability that website to be detected is fishing website.
It is highly preferred that also include: the 3rd determination module, it is used for judging that described list submits whether process is encrypted transmission to, if so, then sets suspicious index as D, otherwise set suspicious index as d;
The value of described D and d is rule of thumb set, and meets D less than d;
Described feedback module, replaces with: comprehensively provide, for the value based on A, C and D or d, the probability that website to be detected is fishing website.
As it has been described above, to embodiment capture website to be detected homepage page source code, it may be judged whether there is the hyperlink URL of repetition, extract all hyperlink text labels corresponding to the hyperlink URL that described repetitive rate is the highest; Determine whether the ratio shared by text label identical in these hyperlink text labels, i.e. content repetitive rate; And the numerical value of content-based repetitive rate provides the value of the suspicious Index A that website to be detected is fishing website. Meanwhile, whether the present invention gives can auxiliary judgment website to be detected be the other technologies means of fishing website.
To sum up, based on the drawback of traditional detection fishing website, the present invention by analyzing the general character of fishing website, namely most fishing websites do relatively rough, simultaneously in order to guide user to upload sensitive information, the most hyperlink text labels on website all point to same hyperlink URL. Therefore, the hyperlink text label that the present invention proposes mainly for repeating corresponding to hyperlink URL detects, it is judged that the content repetitive rate of described hyperlink text label, thus providing the probability that website to be detected is fishing website. The present invention discloses the technological means of other auxiliary judgment, it is possible to improve the accuracy of detection further. The present invention can provide the user the probability that this website is fishing website, it is to avoid whether be the result of determination of fishing website, but provide the user more information if directly giving, auxiliary user makes decision-making more accurately.
Above example is in order to illustrative not limiting technical scheme. Without departing from any modification or partial replacement of spirit and scope of the invention, all should be encompassed in the middle of scope of the presently claimed invention.
Claims (10)
1. the method for a heuristic detection fishing website, it is characterised in that including:
Crawl the homepage page source code of website to be detected;
Extract all hyperlink URLs of website to be detected;
Judging whether the hyperlink URL repeated, if being absent from, being then judged to security website, otherwise extract all hyperlink text labels that the highest hyperlink URL of repetitive rate is corresponding;
Calculating the content repetitive rate of the hyperlink text label extracted, and content-based repetitive rate provides suspicious Index A, the value of described A and described content repetitive rate are inversely proportional to;
Value based on A provides the probability that website to be detected is fishing website.
2. the method for claim 1, it is characterised in that before all hyperlink URLs of described extraction website to be detected, also includes: mated with white list described website to be detected, filters known safe website.
3. the method for claim 1, it is characterised in that also include: the content of website to be detected is crawled, and judge whether the sensitive vocabulary of storage in sensitive storehouse, if being absent from, then it is security website, otherwise setting suspicious index B, the value of described B rule of thumb sets;
The described value based on A provides the probability that website to be detected is fishing website, replaces with: the value based on A and B comprehensively provides the probability that website to be detected is fishing website.
4. the method for claim 1, it is characterised in that also include: judge whether website to be detected possesses list and submit function to, if not possessing, being then security website, otherwise setting suspicious index as C, and the value of described C rule of thumb sets;
The described value based on A provides the probability that website to be detected is fishing website, replaces with: the value based on A and C comprehensively provides the probability that website to be detected is fishing website.
5. method as claimed in claim 4, it is characterised in that also include: judge that described list submits whether process is encrypted transmission to, if so, then set suspicious index as D, otherwise set suspicious index as d;
The value of described D and d is rule of thumb set, and meets D less than d;
The described value based on A and C comprehensively provides the probability that website to be detected is fishing website, replaces with: the value based on A, C and D or d comprehensively provides the probability that website to be detected is fishing website.
6. the system of a heuristic detection fishing website, it is characterised in that including:
Source code acquisition module, for crawling the homepage page source code of website to be detected;
Hyperlink extraction module, for extracting all hyperlink URLs of website to be detected;
First determination module, for judging whether the hyperlink URL repeated, if being absent from, is then judged to security website, otherwise extracts all hyperlink text labels that the highest hyperlink URL of repetitive rate is corresponding;
Computing module, for calculating the content repetitive rate of the hyperlink text label of extraction, and content-based repetitive rate sets suspicious Index A, and the value of described A and described content repetitive rate are inversely proportional to;
Feedback module, provides, for the value based on A, the probability that website to be detected is fishing website.
7. system as claimed in claim 6, it is characterised in that also include: white list filtering module, for being mated with white list described website to be detected, filters known safe website.
8. system as claimed in claim 6, it is characterized in that, also include: sensitive storehouse matching module, for the content of website to be detected is crawled, and judge whether the sensitive vocabulary of storage in sensitive storehouse, if being absent from, then it is security website, otherwise setting suspicious index B, the value of described B is rule of thumb set;
Described feedback module, replaces with: comprehensively provide, for the value based on A and B, the probability that website to be detected is fishing website.
9. system as claimed in claim 6, it is characterised in that also include: the second determination module, for judging whether website to be detected possesses list and submit function to, if not possessing, is then security website, otherwise setting suspicious index as C, the value of described C is rule of thumb set;
Described feedback module, replaces with: comprehensively provide, for the value based on A and C, the probability that website to be detected is fishing website.
10. system as claimed in claim 9, it is characterised in that also include: the 3rd determination module, is used for judging that described list submits whether process is encrypted transmission to, if so, then sets suspicious index as D, otherwise set suspicious index as d;
The value of described D and d is rule of thumb set, and meets D less than d;
Described feedback module, replaces with: comprehensively provide, for the value based on A, C and D or d, the probability that website to be detected is fishing website.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510458569.7A CN105653941A (en) | 2015-07-31 | 2015-07-31 | Heuristic detection method and system for phishing website |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510458569.7A CN105653941A (en) | 2015-07-31 | 2015-07-31 | Heuristic detection method and system for phishing website |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105653941A true CN105653941A (en) | 2016-06-08 |
Family
ID=56482025
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510458569.7A Withdrawn CN105653941A (en) | 2015-07-31 | 2015-07-31 | Heuristic detection method and system for phishing website |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105653941A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108206806A (en) * | 2016-12-16 | 2018-06-26 | 广东世纪网通信设备股份有限公司 | Fishing website hold-up interception method, device and the server for intercepting fishing website |
| CN109391584A (en) * | 2017-08-03 | 2019-02-26 | 武汉安天信息技术有限责任公司 | A kind of recognition methods of doubtful malicious websites and device |
| CN110119508A (en) * | 2019-03-29 | 2019-08-13 | 腾讯科技(深圳)有限公司 | Filter method, system and the equipment of chat messages |
| CN113901376A (en) * | 2021-12-09 | 2022-01-07 | 中国电子科技集团公司信息科学研究院 | Malicious website detection method and device, electronic equipment and computer storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592067A (en) * | 2011-01-17 | 2012-07-18 | 腾讯科技(深圳)有限公司 | Webpage recognition method, device and system |
| CN102902917A (en) * | 2011-07-29 | 2013-01-30 | 国际商业机器公司 | Method and system for preventing phishing attacks |
| CN104216930A (en) * | 2013-07-30 | 2014-12-17 | 腾讯科技(深圳)有限公司 | Method and device for detecting skipping type phishing webpage |
-
2015
- 2015-07-31 CN CN201510458569.7A patent/CN105653941A/en not_active Withdrawn
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592067A (en) * | 2011-01-17 | 2012-07-18 | 腾讯科技(深圳)有限公司 | Webpage recognition method, device and system |
| CN102902917A (en) * | 2011-07-29 | 2013-01-30 | 国际商业机器公司 | Method and system for preventing phishing attacks |
| CN104216930A (en) * | 2013-07-30 | 2014-12-17 | 腾讯科技(深圳)有限公司 | Method and device for detecting skipping type phishing webpage |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108206806A (en) * | 2016-12-16 | 2018-06-26 | 广东世纪网通信设备股份有限公司 | Fishing website hold-up interception method, device and the server for intercepting fishing website |
| CN109391584A (en) * | 2017-08-03 | 2019-02-26 | 武汉安天信息技术有限责任公司 | A kind of recognition methods of doubtful malicious websites and device |
| CN110119508A (en) * | 2019-03-29 | 2019-08-13 | 腾讯科技(深圳)有限公司 | Filter method, system and the equipment of chat messages |
| CN110119508B (en) * | 2019-03-29 | 2023-03-24 | 腾讯科技(深圳)有限公司 | Chat message filtering method, system and equipment |
| CN113901376A (en) * | 2021-12-09 | 2022-01-07 | 中国电子科技集团公司信息科学研究院 | Malicious website detection method and device, electronic equipment and computer storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103559235B (en) | A kind of online social networks malicious web pages detection recognition methods | |
| Rao et al. | Phishshield: a desktop application to detect phishing webpages through heuristic approach | |
| CN104954372B (en) | A kind of evidence obtaining of fishing website and verification method and system | |
| CN104462152B (en) | A kind of recognition methods of webpage and device | |
| CN102957664B (en) | A kind of method and device identifying fishing website | |
| CN105119909B (en) | A kind of counterfeit website detection method and system based on page visual similarity | |
| CN104077396A (en) | Method and device for detecting phishing website | |
| WO2016201938A1 (en) | Multi-stage phishing website detection method and system | |
| CN103179132A (en) | Method and device for detecting and defending CC (challenge collapsar) | |
| CN109922065B (en) | Quick identification method for malicious website | |
| CN104462509A (en) | Review spam detection method and device | |
| CN102647408A (en) | Method for judging phishing website based on content analysis | |
| CN109274632A (en) | A kind of recognition methods of website and device | |
| CN104580230B (en) | Verification method and device are attacked in website | |
| Liu et al. | An efficient multistage phishing website detection model based on the CASE feature framework: Aiming at the real web environment | |
| CN103500307A (en) | Mobile internet malignant application software detection method based on behavior model | |
| CN112929390B (en) | Network intelligent monitoring method based on multi-strategy fusion | |
| CN106230835B (en) | Method based on Nginx log analysis and the IPTABLES anti-malicious access forwarded | |
| CN107800686A (en) | A kind of fishing website recognition methods and device | |
| CN107463844B (en) | WEB Trojan horse detection method and system | |
| CN106549980A (en) | A kind of malice C&C server determines method and device | |
| CN105653941A (en) | Heuristic detection method and system for phishing website | |
| CN110784462A (en) | Three-layer phishing website detection system based on hybrid method | |
| CN108683649A (en) | A kind of malice domain name detection method based on text feature | |
| CN108509794A (en) | A kind of malicious web pages defence detection method based on classification learning algorithm |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20160608 |
|
| WW01 | Invention patent application withdrawn after publication |